Policy Management software has promised a great deal, but what do the vendors actually offer for the money?
If you've had to research policy management offerings you have rapidly come to the conclusion that there are plenty of products, but a clear definition of "policy management" as it pertains to products is sorely lacking.
Deciding what policy management product is right for your company is daunting. First, this is a relatively new class of software. Second, "policy management" can refer to security, VPNs, network traffic, network QoS (quality of service) and/or LANs -- therefore communications, network/systems management and security vendors all have products. So don't look for consistent feature sets.
At the low-end, policy management products are templates designed to help managers define and publish policies usually on their intranet. As for the products included in this guide, some configure network devices remotely to simplify implementation and maintenance of policies. Some are products that enforce system checks and security policy. Others are part of network or systems management suites and try to integrate all policy features. Because products are so varied, we added brief vendor product descriptions to each of the products we've included in this guide.
Some descriptions note that the product supports or is COPS (Common Open Policy Service) compliant. This is a standard for exchanging policy information in a network. It permits switches and routers to reserve bandwidth based on a policy that stipulates group or individual user priority.
For more on the basics of policy management read the companion CrossNodes Briefing on Policy Management by Gerry Williams, and try these keywords:
- policy management
- systems management
- network management
- system security
- quality of service
- policy server
Vendor: Allot Communications
NOS: Windows NT 4.0
Description: Policy-based system that allows the defining of
policies that automatically effect change on specific equipment
in the network environment. Manages, controls and monitors traffic
enforcement devices and enables QoS settings in Cisco routers.
Supports Allot, Cisco and RADGUARD devices.
Web Product Information: www.allot.com/html/products_netpolicy.shtm
Vendor: CheckPoint Software Technologies Ltd.
Product: Visual Policy Editor
NOS: Windows platform
Description: A security policy visualization tool that provides
a detailed, graphical map of an organization's security deployment.
Web Product Information: www.checkpoint.com/products/vpe.html
Vendor: Cisco Systems
Product: CiscoWorks2000 QoS Policy Manager
NOS: Windows NT with Service Pack 5 or higher;
Windows 2000 with Service Pack 1
Description: Provides end-to-end quality of service (QoS) for converged networks.
Delivers differentiated services across network infrastructures with converged
voice, video, and data applications, using Cisco IOS. and
Catalyst. OS Software
with built-in QoS mechanisms in LAN and WAN switching and routing equipment.
Web Product Information: www.cisco.com/warp/public/cc/pd/wr2k/qoppmn/index.shtml
Vendor: Enterasys Networks
Product: NetSight Policy Manager
NOS: Windows NT/98/2000; Solaris 2.6, 2.7, 2.8
Description: Role-based administration modeling. Provides a graphical
view of the whole enterprise, not only individual devices. Instead
of viewing and configuring each switch, router or other network device
individually to achieve a common goal for the network, the network is
configured as a single system.
Web Product Information: www.enterasys.com/products/items/NETSIGHT-PM/
Vendor: IP Highway
NOS: Windows NT 4.0 and Service Pack 4 or higher; Windows 2000
Description: 3-tier, distributed, software solution. Components include a
Management Console, Policy Administrator and Policy Server. Supports
Cisco, Nortel, COPS complaint and devices supported by IPHighway device driver.
Web Product Information: www.policymanagement.com/
Vendor: Nortel Networks
Product: Access Policy Manager
NOS: Windows NT 4.0, HP-UX 10.20, Solaris 2.6
Description: Provides secure application access through role-based policy
management. A software suite that manages access to distributed web-based
Web Product Information:
Product: Optivity Policy Services
NOS: Windows NT 4.0, Solaris 2.5, 2.6
Description: Provides a system-level management framework for policy management.
Allows Quality of Service (QoS) to be configured on a system-wide level
rather than a per-device basis.
Web Product Information:
Vendor: Packeteer Inc.
NOS: Windows NT V4.0 with Service Pack 6 or higher
Description: Centralized policy management and operating system software for
Packeteer bandwidth management devices running PacketWise 5.0. Centralizes
performance information and propagates configuration changes to large numbers
of Packeteer appliances.
Web Product Information: www.packeteer.com/products/cntlMgmt/index.cfm
Vendor: Tivoli Systems
Product: SecureWay Policy Director
NOS: AIX, Solaris, Windows NT 4.0, Windows 2000, HP-UX 11.0
Description: Provides role-based policy management. A secure policy-based
authorization solution for e-business and legacy applications.
Web Product Information: